Alias /repo/ /srv/cache/lookaside/

# default SSL configuration...
Listen 443

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

Mutex default

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

Alias /robots.txt /var/www/robots-src.txt
<Location /robots.txt>
    Require all granted
</Location>

<VirtualHost _default_:80>
    ServerName pkgs{{ env_suffix }}.fedoraproject.org
    #RewriteCond expr "! -R '192.168.0.0/16'"        
    #RewriteCond expr "! -R '10.0.0.0/8'"            
    #RewriteRule ^(.*)$ https://src.fedoraproject.org/$1 [L,R]
    Alias /repo/ /srv/cache/lookaside/

    <Location />
        Require ip 127.0.0.1
        Require ip ::1
        Require ip 10.0.0.0/8
        Require ip 192.168.0.0/16
    </Location>

    CustomLog "logs/pkgs-access.log" combined
    ErrorLog "logs/pkgs-error.log"
    Alias /robots.txt /var/www/robots-pkgs.txt
    <Location /robots.txt>
        Require all granted
    </Location>

    RewriteEngine on
    RewriteRule "^/(.*)$" "https://src{{ env_suffix }}.fedoraproject.org/$1"
    RewriteRule "^/login/$" "https://src{{ env_suffix }}.fedoraproject.org/login/"
</VirtualHost>

<VirtualHost _default_:443>
    # This alias must come before the /repo/ one to avoid being overridden.
    ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi

    Alias /repo/ /srv/cache/lookaside/
    ServerName pkgs{{ env_suffix }}.fedoraproject.org
    ServerAdmin webmaster@fedoraproject.org

    SSLEngine on

    SSLCertificateFile    conf/pkgs.fedoraproject.org_key_and_cert.pem
    SSLCertificateKeyFile conf/pkgs.fedoraproject.org_key_and_cert.pem
    SSLCACertificateFile  conf/cacert.pem
    SSLCARevocationFile  /etc/pki/tls/crl.pem

    SSLProtocol {{ ssl_protocols }}
    SSLCipherSuite {{ ssl_ciphers }}

    Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
</VirtualHost>

# Allow upload via src
<VirtualHost _default_:80>
    # This alias must come before the /repo/ one to avoid being overridden.
    ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi

    Alias /repo/ /srv/cache/lookaside/
    ServerName src{{ env_suffix }}.fedoraproject.org
    ServerAdmin webmaster@fedoraproject.org

    ErrorLog logs/ssl_error_log

   <Location /repo/pkgs/upload.cgi>
       Options +ExecCGI

       AuthType GSSAPI
       GssapiSSLonly Off
       AuthName "GSSAPI Single Sign On Login"
       GssapiCredStore keytab:/etc/httpd.keytab

       Require valid-user
    </Location>


  # Insert the redirect rules allowing pagure to override some of its static
  # files. This is pagure related not so much lookaside related but since this
  # is using a VirtualHost on port 80 we need to group the configs

  # Configure static files so that a custom theme can override the defaults
  RewriteEngine on

  # Check if the static file exists in the template directory
  RewriteCond "/usr/share/pagure_dist_git/static/$1" -f
  # If it does, use it
  RewriteRule "^/static/(.*)" "/usr/share/pagure_dist_git/static/$1" [L]
  # Otherwise back out and use the default static folder/theme
  RewriteRule "^/static/(.*)" "/usr/lib/python2.7/site-packages/pagure/static/$1" [L]

</VirtualHost>

